The design of a trusted system based on the Trusted Computing Group's Trusted Platform Module (TPM) was analyzed to understand the role and trust relationships of the TPM, firmware, and software modules involved.
Analysis of a Measured Launch
Download Resources
PDF Accessibility
One or more of the PDF files on this page fall under E202.2 Legacy Exceptions and may not be completely accessible. You may request an accessible version of a PDF using the form on the Contact Us page.
The design of a trusted system based on the Trusted Computing Group's Trusted Platform Module (TPM) was analyzed to understand the role and trust relationships of the TPM, firmware, and software modules involved. The objective was to confirm that the measurements stored and reported by the TPM can successfully discriminate a normal boot sequence, which leaves trusted system software in control, from an insecure one, where some trusted modules might have been replaced by malicious ones. The principal tool used in the analysis was the SMV symbolic model checker.